Communication device, communication method and computer program

ABSTRACT

A communication device includes: a first subscriber identification unit that stores first subscriber identification unit identification information associated with user identification information; and a communication unit that communicates with another communication device, the other communication device including a second subscriber identification unit that stores second subscriber identification unit identification information associated with user identification information. The first subscriber identification unit includes: a key memory unit that records a pair of a public key certificate and a secret key, the pair being shared with the second subscriber identification unit; a public key certificate generation unit that generates, using the secret key recorded in the key memory unit, a “first public key certificate comprising the first subscriber identification unit identification information or the user identification information associated with the first subscriber identification unit identification information”; and a secret key memory unit that records a secret key paired with the first public key certificate.

TECHNICAL FIELD

The present invention relates to a communication device, a communicationmethod and a computer program.

The present application claims priority on Japanese Patent ApplicationNo. 2015-209283, filed Oct. 23, 2015, the content of which isincorporated herein by reference.

BACKGROUND ART

Conventionally, public key cryptography has beets known as a techniquefor ensuring the privacy of communicated data. Public key cryptographygenerally involves exchanging public keys (public key certificates) bymaking use of PKI (Public Key Infrastructure) (see, e.g., Non-PatentDocument 1).

PRIOR ART DOCUMENTS Non-Patent Documents

-   [Non-Patent Document 1]

ITpro, “Introduction to information security—PKI (latter part)—How X.509certificates and PKI work”, internet <URL:http://itpro.nikkeibp.co.jp/article/COLUMN/20060725/244233/>

SUMMARY OF THE INVENTION Problem to be Solved by the Invention

However, the exchange of public keys (public key certificates) usingconventional PKI required the supplier of the public key (public keycertificate) to send a public key to a certification authority (CA),which is a third-party organization, in order to be issued a public keycertificate.

The present invention has been made in view of the aforementionedcircumstances, and has the purpose of providing a communication device,a communication method and a computer program wherein the validity of acommunication partner can be verified between communication devices atthe time of distribution of a public key by means of subscriberidentification information that is associated with user identificationinformation.

Means for Solving the Problem

(1): A communication device according to one aspect of the presentinvention includes: a first subscriber identification unit that storesfirst subscriber identification unit identification informationassociated with user identification information; and a communicationunit that communicates with another communication device, the othercommunication device including a second subscriber identification unitthat stores second subscriber identification unit identificationinformation associated with user identification information. The firstsubscriber identification unit includes: a key memory unit that recordsa pair of a public key certificate and a secret key, the pail beingshared with the second subscriber identification u a public keycertificate generation unit that generates, using the secret keyrecorded in the key memory unit, a “first public key certificateincluding the first subscriber identification unit identificationinformation or the user identification information associated with thefirst subscriber identification unit identification information”; and asecret key memory unit that records a secret key paired with the firstpublic key certificate generated by the public key certificategeneration unit. The communication unit transmits, to the othercommunication device, the first public key certificate generated by thepublic key certificate generation unit.

(2): in the communication device according to (1) above, the firstsubscriber identification unit may further comprise a first encryptionprocessing unit that performs encryption, by public key cryptography, ofinformation using the secret key recorded in the secret key memory unit,the information including the first subscriber identification unitidentification information or the user identification informationassociated with the first subscriber identification unit identificationinformation.

(3): A communication device according to one aspect of the present eincludes: a first subscriber identification unit that stores firstsubscriber identification unit identification information associatedwith user identification information; a communication unit thatcommunicates with another communication device, the other communicationdevice including a second subscriber identification unit that storessecond subscriber identification unit identification informationassociated with user identification information; and a public keycertificate management unit that saves a public key certificate that thecommunication unit has received from the other communication device. Thefirst subscriber identification unit includes: a key memory unit thatrecords a pair of a public key certificate and a secret key, the pairbeing shared with the second subscriber identification unit; a publickey certificate generation unit that generates, using the secret keyrecorded in the key memory unit, a “first public key certificateincluding the first subscriber identification unit identificationinformation or the user identification information associated with thefirst subscriber identification unit identification information”; asecret key memory unit that records a secret key paired with the firstpublic key certificate generated by the public key certificategeneration unit; and a verification unit that verifies, using the publickey certificate recorded in the key memory unit, a “second public keycertificate including the second subscriber identification unitidentification information or the user identification informationassociated with the second subscriber identification unit identificationinformation” that the communication unit has received from the othercommunication device. The communication unit transmits, to the othercommunication device, the first public key certificate generated by thepublic key certificate generation unit. The public key certificatemanagement unit stores the second public key certificate whose validityhas been verified by the verification unit, in association with thesecond subscriber identification unit identification information or theuser identification information included in the second public keycertificate.

(4): In the communication device according to (3) above, the firstsubscriber identification unit may further include a first encryptionprocessing unit that performs encryption, by public key cryptography, ofinformation using the secret key recorded in the secret key memory unit,the information including the first subscriber identification unitidentification information or the user identification informationassociated with the first subscriber identification unit identificationinformation. The communication device may further include a secondencryption processing unit that performs, using a public key included inthe second public key certificate whose validity has been verified bythe verification unit, encryption, by public key cryptography, ofinformation including the second subscriber identification unitidentification information or the user identification informationassociated with the second subscriber identification unit identificationinformation.

(5): A communication device according to one aspect of the presentinvention may include: a first subscriber identification unit thatstores first subscriber identification unit identification informationassociated with user identification information; a communication unitthat communicates with another communication device, the othercommunication device including a second subscriber identification unitthat stores second subscriber identification unit identificationinformation associated with user identification information; and apublic key certificate management unit that saves a public keycertificate that the communication unit has received from the othercommunication device. The first subscriber identification unit mayinclude: a key memory unit that records a pair of a public keycertificate and a secret key, the pair being shared with the secondsubscriber identification unit; and a verification unit that verifies,using the public key certificate recorded in the key memory unit, a“second public key certificate including the second subscriberidentification unit identification information or the useridentification information associated with the second subscriberidentification unit identification information” that the communicationunit has received from the other communication device. The public keycertificate management unit may store the second public key certificatewhose validity has been verified by the verification unit, inassociation with the second subscriber identification unitidentification information or the user identification informationincluded in the second public key certificate.

(6): In the communication device according to (5) above, thecommunication device may further include: a second encryption processingunit that performs, using a public key included in the second public keycertificate whose validity has been verified by the verification unit,encryption, by public key cryptography, of information including thesecond subscriber identification unit identification information or theuser identification information associated with the second subscriberidentification unit identification information.

(7): The communication device according to any one of (1) to (6) above,may further include: a wireless communication unit that performscommunication via a wireless communication network that is connectedusing the first subscriber identification unit; and a key update unitthat receives, via the wireless communication network, a new pair of apublic key certificate and a secret key, the new pair being shared withthe second subscriber identification unit.

(8): A communication method according to one aspect of the presentinvention is a communication method for a communication device, thecommunication device including: a first subscriber identification unitthat stores first subscriber identification unit identificationinformation associated with user identification information; acommunication unit that communicates with another communication device,the other communication device including a second subscriberidentification unit that stores second subscriber identification unitidentification information associated with user identificationinformation; and a public key certificate management unit that saves apublic key certificate that the communication unit has received from theother communication device, and includes: a key recording step ofrecording, by the first subscriber identification unit, a pair of apublic key certificate and a secret key, the pair being shared with thesecond subscriber identification unit; a public key certificategenerating step of generating, by the first subscriber identificationunit, using the secret key recorded in the key recording step, a “firstpublic key certificate including the first subscriber identificationunit identification information or the user identification informationassociated with the first subscriber identification unit identificationinformation”; a secret key recording step of recording, by the firstsubscriber identification unit, a secret key paired with the firstpublic key certificate generated in the public key certificategenerating step; a transmitting step of transmitting, by thecommunication unit, the first public key certificate generated in thepublic key certificate generating step to the other communicationdevice; a verifying step of verifying, by the first subscriberidentification unit, using the public key certificate recorded in thekey recording step, a “second public key certificate including thesecond subscriber identification unit identification information or theuser identification information associated with the second subscriberidentification unit identification information” that the communicationunit has received from the other communication device; and a storingstep of storing, by the public key certificate management unit, thesecond public key certificate whose validity has been verified in theverifying step, in association with the second subscriber identificationunit identification information or the user identification informationincluded in the second public key certificate.

(9): A computer program according to one aspect of the present inventioncauses a computer of a communication device including a first subscriberidentification unit that stores first subscriber identification unitidentification information associated with user identificationinformation, to realize: a communication function of communicating withanother communication device, the other communication device including asecond subscriber identification unit that stores second subscriberidentification unit identification information associated with useridentification information; and a public key certificate managementfunction of saving a public key certificate that the communicationfunction has received from the other communication device; and causes acomputer of the first subscriber identification unit to realize: a keyrecording function of recording a pair of a public key certificate and asecret key, the pair being shared with the second subscriberidentification unit; a public key certificate generation function ofgenerating, using the secret key recorded by the key recording function,a “first public key certificate including the first subscriberidentification unit identification information or the useridentification information associated with the first subscriberidentification unit identification information”; secret key recordingfunction of recording a secret key paired with the first public keycertificate generated by the public key certificate generation function;and a verification function of verifying, using the public keycertificate recorded by the key recording function, a “second public keycertificate including the second subscriber identification unitidentification information or the user identification informationassociated with the second subscriber identification unit identificationinformation” that the communication function has received from the othercommunication device, and the communication function transmits the firstpublic key certificate generated by the public key certificategeneration function to the other communication device, and the publickey certificate management function stores the second public keycertificate whose validity has been verified by the verificationfunction, in association with the second subscriber identification unitidentification information or the user identification informationincluded in the second public key certificate.

Effect of the Invention

The present invention provides the advantageous effect wherein thevalidity of a communication partner can be verified betweencommunication devices at the time of distribution of a public key, bymeans of subscriber identification information that is associated withuser identification information.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram showing a communication system accordingto a embodiment.

FIG. 2 is a diagram for explaining a communication method according tothe first embodiment.

FIG. 3 is a schematic diagram showing a communication system accordingto a second embodiment.

FIG. 4 is a schematic diagram showing a communication system accordingto a third embodiment.

FIG. 5 is an explanatory diagram showing a communication systemaccording to Example 1 of the third embodiment.

FIG. 6 is an explanatory diagram showing a communication systemaccording to Example 2 of the third embodiment.

EMBODIMENTS FOR CARRYING OUT THE INVENTION

Hereinbelow, embodiments of the present invention will be explained.

First Embodiment

FIG. 1 is a schematic diagram showing a communication system 1 accordingto a first embodiment. In FIG. 1, the communication system 1 includes acommunication device 3-1 and a communication device 3-2. Thecommunication device 3-1 includes a SIM (Subscriber Identity Module)100-1, a communication unit 130 and a control unit 140. The SIM 100-1stores SIM identification information simid1. The SIM identificationinformation simid1 is identification information that is specific to theSIM 100-1. The SIM 100-1 includes a key generation unit 101, a publickey certificate generation unit 102, a verification unit 103, anencryption processing unit 104, a certification authority key memoryunit 105 and a secret key memory unit 106.

The communication device 3-2 has a configuration similar to that of thecommunication device 3-1. In the communication device 3-2 shown in FIG.1, the parts that correspond to pails in the communication device 3-1are denoted by the same reference signs. In the following description,the communication device 3-1 and the communication device 3-2 will bereferred to as a “communication device 3” when making no particulardistinction therebetween. It is possible for a single communicationdevice 3 to have multiple SIMs. For example, the communication device 3may be a communication device that includes multiple SIM slots and thatcan switch connections between any communication network among thecommunication networks corresponding to SIMs that are inserted in theSIM slots.

The communication device 3-2 includes a SIM 100-2. The SIM 100-2 storesSIM identification information simid2. The SIM identificationinformation simid2 is identification information that is specific to theSIM 100-2.

The SIM 100-1 is a SIM that has been issued to a user authenticated by anetwork operator.

The SIM identification information simid1 of the SIM 100-1 is stored ina network operator database 10 in association with user identificationinformation for the user authenticated by the network operator. The SIM100-2, like the SIM 100-1, is a SIM that has been issued to a userauthenticated by the network operator. The SIM identificationinformation simid2 of the SIM 100-2 is stored in the network operatordatabase 10 in association with the user identification information ofthe user authenticated by the network operator. In the followingdescription, the SIM 100-1 and the SIM 100-2 will be referred to as a“SIM 100” when making no particular distinction therebetween. A SIM 100may be a SIM that is issued to a user authenticated by a virtual networkoperator.

The SIM identification information may, for example, be an IMSI(International Mobile Subscriber Identity) or an ICCID (IntegratedCircuit Card ID). Additionally, a telephone number associated with a SIM100 may be used as the SIM identification information of the SIM 100.

The communication unit 130 of the communication device 3-1 and thecommunication unit 130 of the communication device 3-2 communicate witheach other.

The communications between the communication unit 130 of thecommunication device 3-1 and the communication unit 130 of thecommunication device 3-2 may be wireless communications or may be wiredcommunications. For example, the communication unit 130 of thecommunication device 3-1 and the communication unit 130 of thecommunication device 3-2 may communicate via a wireless communicationnetwork such as a wireless LAN or a cellular telephone network.Alternatively, the communication unit 130 of the communication device3-1 and the communication unit 130 of the communication device 3-2 maycommunicate by exchanging signals directly by means of near-fieldwireless communication technology. Alternatively, the communication unit130 of the communication device 3-1 and the communication unit 130 ofthe communication device 3-2 may communicate via a communication networksuch as over the internet or over a fixed-line telephone network or awired. LAN. Alternatively, the communication unit 130 of thecommunication device 3-1 and the communication unit 130 of thecommunication device 3-2 may be connected by and communicate via acommunication cable.

In each communication device 3, a control unit 140 includes a CPU(Central Processing Unit) and a memory, and controls the parts formingthe communication device 3. The control unit 140 includes applications150 as functional units thereof.

A SIM 100 is a type of computer that performs desired functions by meansof computer programs. In the SIM 100, a certification authority memoryunit 105 records a certification authority public key certificate C_Krpand a certification authority secret key Krs, which form a pair. Thecertification authority public key certificate C_Krp is a public keycertificate of a certification authority public key that is paired withthe certification authority secret key Krs. The certification authoritypublic key certificate C_Krp and the certification authority secret keyKrs are safely stored in a SIM 100, for example, when the SIM 100 ismanufactured. The certification authority public key certificate C_Krpand certification authority secret key Krs stored in the SIM 100-1 inthe communication device 3-1 are identical to the certificationauthority public key certificate C_Krp and certification authoritysecret key Krs stored in the SIM 100-2 in the communication device 3-2.

The certification authority key memory unit 105 is provided in a memoryarea, in the SIM 100, which is a non-volatile memory area that cannot beaccessed from outside the SIM 100. Thus, the certification authoritypublic key certificate C_Krp and the certification authority secret keyKrs stored in the certification authority key memory unit 105 cannot beaccessed from outside the SIM 100. Additionally, the SIM 100 istamper-proof. Thus, the certification authority public key certificateC_Krp and the certification authority secret key Krs stored in thecertification authority key memory unit 105 are protected from attackson the SIM 100.

The key generation unit 101 generates a pair of a public key and asecret key. The public key certificate generation unit 102 generates apublic key certificate by using the paired certification authoritypublic key certificate C_Krp and certification authority secret key Krsthat are stored in the certification authority memory unit 105. Thesecret key memory unit 106 records the secret key that is paired withthe public key certificate generated by the public key certificategeneration unit 102. Like the certification authority key memory unit105, the secret key memory unit 106 is stored in a memory area, in theSIM 100, which is a non-volatile memory area that cannot be accessedfrom outside the SIM 100. Thus, the secret key that is stored in thesecret key memory unit 106 cannot be accessed from outside the SIM 100.Additionally, the SIM 100 is tamper-proof, so the secret key stored inthe secret key memory unit 106 is protected from attacks on the SIM 100.

The verification unit 103 verifies a public key certificate received bythe communication unit 130 from another communication device 3 by usingthe certification authority public key certificate C_Krp recorded in thecertification authority key memory unit 105. The encryption processingunit 104 uses the secret key stored in the secret key memory unit 106 tocarry out encryption by means of public key cryptography.

Next, the functions performed by the communication system 1 shown inwill be explained with reference to FIG. 2. FIG. 2 is a diagram forexplaining the communication method according to the present embodiment.FIG. 2 shows the case in which information is transmitted from thecommunication device 3-1 to the communication device 3-2. In this case,an example wherein information is transmitted from the communicationdevice 3-1 to the communication device 3-2 will be explained, but theprocedure is the same when information s transmitted in the oppositedirection, from the communication device 3-2 to the communication device3-1. The procedure is also the same when transmitting and receivinginformation between the communication device 3-1 and anothercommunication device aside from the communication device 3-2. In otherwords, the same applies when transmitting and receiving informationbetween multiple, i.e., three or more, communication devices.

The SIM 100-1 in the communication device 3-1 and the SIM 100-2 in thecommunication device 3-2 store, in the respective certificationauthority key memory units 105, the same certification authority publickey certificate C_Krp and certification authority secret key Krs. InFIG. 2, the certification authority public key certificate C_Krp andcertification authority secret key Krs are stored on secure ROMs in theSIMs 100. The secure ROMs in the SIMs 100 are non-volatile memory areasthat cannot be accessed from outside the SIMs 100.

The control unit 140 in the communication device 3-1 includes, asapplications 150, a public key/secret key issuing application and asignature generation application. The processing for these applicationsis performed in a flash memory in the control unit 140 in thecommunication device 3-1. The control unit 140 in the communicationdevice 3-2 includes, as applications 150, a public key certificatemanagement application and a signature verification application. Theprocessing for these applications is performed in a flash memory in thecontrol unit 140 in the communication device 3-2.

[Public Key Certificate Transmission Procedure]

First, steps S1 to S6 in the public key certificate transmissionprocedure will be explained.

(Step S1)

In the communication device 3-1, the public key/secret key issuingapplication instructs the SIM 100-1 to generate a pair of a public keyand a secret key pair. In response to the instruction, a key generationunit 101 in the SIM 100-1 generates a public key K1 p and a secret keyK1 s. The public key K1 p and the secret key K1 s are generated in asecure RAM inside the SIM 100-1. The secure RAM in the SIM 100-1 is avolatile memory area that cannot be accessed from outside the SIM 100-1.Thus, the processing that occurs in the secure RAM in the SIM 100-1 isconcealed from the outside of the SIM 100-1.

(Step S2)

In the SIM 100-1, the secret key memory unit 106 stores the secret key(own secret key) K1 s generated by the key generation unit 101. In FIG.2, the secret key K1 s is stored in the secure ROM in the SIM 100-1.

(Step S3)

In the SIM 100-1, a public key certificate generation unit 102 generatesa public key certificate C_K1 p for the public key K1 p generated by thekey generation unit 101. This public key certificate C_K1 p is generatedin the secure RAM in the SIM 100-1. The public key certificate C_K1 pcontains the public key K1 p, the SIM identification information simid1and an electronic signature of the public key K1 p. The electronicsignature of the public key K1 p is encrypted data resulting from theencryption, with the certification authority secret key Krs, of a digestof data including the public key K1 p and the SIM identificationinformation simid1. In this case, a hash value is used as an example ofthe digest. Additionally, as an example of the public key certificateformat, a public key certificate format according to the “X.509”standard, which is defined by ITU-T (International TelecommunicationUnion-Telecommunication) or the like is used. The public key K1 p isstored in the designated location in the “X.509” standard public keycertificate format. Additionally, the SIM identification informationsimid1 is stored at the location for “subject parameter: subject name”in the “X.509” standard public key certificate format.

The public key certificate C_K1 p generation method used in the SIM100-1 will be explained in detail. In the SIM 100-1, the public keycertificate generation unit 102 computes a hash value, hash(K1 p,simid1), of the data, in the “X.509” standard public key certificateformat, which contains the public key K1 p and the SIM identificationinformation simid1. Next, the public key certificate generation unit 102encrypts the hash value, hash(K1 p, simid1), using the certificationauthority secret key Krs stored in the certification authority keymemory unit 105 in the SIM 100-1. This encrypted data Krs (hash(K1 p,simid1)) is the electronic signature of the public key K1 p. Next, thepublic key certificate generation unit 102 forms a public keycertificate C_K1 p “K1 p, simid1, Krs (hash(K1 p, simid1))”, the “X.509”standard public key certificate format, which includes the public key K1p, the SIM identification information simid1 and the electronicsignature Krs (hash(K1 p, simid1)) of the public key K1 p.

The SIM 100-1 transfers the public key certificate C_K1 p “K1 p, simid1,Krs (hash(K1 p, simid1))” generated by the public key certificategeneration unit 102 to the public key/secret key issuing application.

(Step S4)

In the communication device 3-1, the public key/secret key issuingapplication outputs the public key certificate C_K1 p “K1 p, simid1, Krs(hash(K1 p, simid1))”, received from the SIM 100-1, to the communicationunit 130. The communication unit 130 transmits the public keycertificate C_K1 p “K1 p, simid1, Krs (hash(K1 p, simid1))” to thecommunication device 3-2.

In the communication device 3-2, the communication unit 130 receives thepublic key certificate C_K1 p “K1 p, simid1, Krs (hash(K1 p, simid1))”from the communication device 3-1. The communication unit 130 transfersthe public key certificate C_K1 p “K1 p, simid1, Krs (hash(K1 p,simid1))” to the public key certificate management application.

(Step S5)

In the communication device 3-2, the public key certificate managementapplication transfers the public key certificate C_K1 p “K1 p, simid1,Krs (hash(K1 p, simid1))” received from the communication device 3-1 tothe SIM 100-2, and instructs the SIM 100-2 to verify the public keycertificate C_K1 p. In the SIM 100-2, the verification unit 103 uses thecertification authority public key certificate C_Krp stored in thecertification authority key memory unit 105 in the SIM 100-2 to verifythe validity of the public key certificate C_K1 p “K1 p, simid1, Krs(hash(K1 p, simid1))”. The public key certificate C_K1 p is verified ina secure RAM inside the SIM 100-2. The secure RAM in the SIM 100-2 is avolatile memory area that cannot be accessed from outside the SIM 100-2.Thus, the processing that occurs in the secure RAM in the SIM 100-2 isconcealed from the outside of the SIM 100-2.

The verification method for the public key certificate C_K1 p in the SIM100-2 will be explained in detail. In the SIM 100-2, the verificationunit 103 acquires the public key K1 p and the SIM identificationinformation simid1 from the public key certificate C_K1 p “K1 p, simid1,Krs (hash(K1 p, simid1))”, and generates verification data containing,in the “X.509” standard public key certificate format, the public key K1p and the SIM identification information simid1 that have been acquired.In the verification data, the public key K1 p is stored in thedesignated location in the “X.509” standard public key certificateformat. In the verification data, the SIM identification informationsimid1 is stored at the location for “subject parameter: subject name”in the “X.509” standard public key certificate format. Next, theverification unit 103 computes the verification hash value, hash′(K1 p,simid1), which is the hash value of the verification data. Next, theverification unit 103 acquires the electronic signature Krs (hash(K1 p,simid1)) from the public key certificate C_K1 p “K1 p, simid1, Krs(hash(K1 p, simid1))”, and decrypts the acquired electronic signatureKrs (hash(K1 p, simid1)) using the certification authority public keyKrp in the certification authority public key certificate C_Krp recordedin the certification authority key memory unit 105 of the SIM 100-2.This decryption results in decrypted data “Krp·Krs (hash(K1 p,simid1))”. Next, the verification unit 103 determines whether theverification hash value, hash′(K1 p, simid1), and the decrypted data“Krp·Krs (hash(K1 p, simid1))” match. If, as a result of thisdetermination, the values match, then the verification of the public keycertificate C_K1 p “K1 p, simid1, Krs (hash(K1 p, simid1))” succeeds,and if the values do not match, then the verification of the public keycertificate C_K1 p “K1 p, simid1, Krs (hash(K1 p, simid1))” fails.

In the communication device 3-2, the SIM 100-2 notifies the public keycertificate management application of the results of the verification ofthe public key certificate C_K1 p “K1 p, simid1, Krs (hash(K1 p,simid1))”.

(Step S6)

In the communication device 3-2, upon being notified by the SIM 100-2that the public key certificate C_K1 p “K1 p, simid1, Krs (hash(K1 p,simid1))” has been successfully verified, the public key certificatemanagement application saves the public key certificate C_K1 p “K1 p,Krs (hash(K1 p, simid1))”. The public key certificate C_K1 p is saved byacquiring die SIM identification information simid1 that is stored atthe location for “subject parameter: subject name” in the public keycertificate C_K1 p “K1 p, simid1, Krs (hash(K1 p, simid1))”, and storingthe public key certificate C_K1 p “K1 p, simid1, Krs (hash(K1 p,simid1))”, in association with the acquired SIM identificationinformation simid1, in the flash memory inside the control unit 140 inthe communication unit 3-2.

Conversely, upon being notified by the SIM 100-2 that the verificationof the public key certificate C_K1 p “K1 p, simid1, Krs (hash(K1 p,simid1))” has failed, the public key certificate management applicationdiscards the public key certificate “K1 p, simid1, Krs (hash(K1 p,simid1))”. Alternatively, a predetermined error procedure may beexecuted.

[Information Transmission Procedure]

Next, steps S7 to S12 in the public key certificate transmissionprocedure will explained.

(Step S7)

In the communication device 3-1, the signature generation applicationcomputes a digest of the information transmitted to the communicationdevice 3-2. In this case, a hash value is used as an example of thedigest. The signature generation application transfers the computed hashvalue, hash(information), to the SIM 100-1, and generates a signature.

(Step S8)

The encryption processing unit 104 in the SIM 100-1 computes a hashvalue, hash(hash(information), simid1) of data including the SIMidentification information simid1 and the hash value, hash(information),received from the signature generation application. Furthermore, theencryption processing unit 104 encrypts the computed hash value,hash(hash(information), simid1) using the secret key K1 s stored in thesecret key memory unit 106 in the SIM 100-1. The decrypted data K1 s(hash(hash(information), simid1)) is the electronic signature of theinformation transmitted to the communication device 302. This electronicsignature K1 s (hash(hash(information, simid1)) is generated in thesecure RAM inside the SIM 100-1.

(Step S9)

The SIM 100-1 transfers the electronic signature K1 s(hash(hash(information), simid1)) generated by the encryption processingunit 104 to the signature generation application.

(Step S10)

In the communication device 3-1, the signature generation applicationoutputs the electronic signature K1 s (hash(hash(information), simid1))received from the SIM 100-1 to the communication unit 130. Thecommunication unit 130 transmits the electronic signature K1 s(hash(hash(information), simid1)), the information transmitted to thecommunication device 3-2 and the SIM identification information simid1to the communication device 3-2.

In the communication device 3-2, the communication unit 130 receives,from the communication device 3-1, the electronic signature K1 s(hash(hash(information), simid1)), the information and the SIMidentification information simid1. The communication unit 130 transfersthe electronic signature K1 s (hash(hash(information), simid1)), theinformation and the SIM identification information simid1 that have beenreceived to the signature verification application.

(Step S11)

In the communication device 3-2, the signature verification applicationcomputes a verification hash value, hash′(information), which is thehash value of the information received from the communication device3-1. Furthermore, the signature verification application computes averification hash value, hash′(hash′(information), simid1), which is thehash value of data including the SIM identification information simid1received from the communication device 3-1, and the verification hashvalue, hash'(information).

(Step S12)

In the communication device 3-2, the signature verification applicationnotifies the public key certificate management application of the SIMidentification information simid1 received from the communication device3-1, and requests a public key certificate. The public key certificatemanagement application transfers, to the signature verificationapplication, the public key certificate C_K1 p “K1 p, simid1, Krs(hash(K1 p, simid1))” that is saved in association with the SIMidentification information simid1 obtained from the signatureverification application. The signature verification applicationacquires a public key K1 p from the public key certificate C_K1 p “K1 p,simid1, Krs (hash(K1 p, simid1))” received from the public keycertificate management application. The signature verificationapplication uses the acquired public key K1 p to decrypt the electronicsignature K1 s (hash(hash(information), simid1)) received from thecommunication device 3-1. This decryption results in decrypted data “K1p·K1 s (hash(hash(information), simid1))”. The signature verificationapplication determines whether the verification hash value,hash′(hash′(information), simid1), and the decrypted data “K1 p·K1 s(hash(hash(information), simid1))” match. If, as a result of thisdetermination, the values match, then the validity of the informationreceived from the communication device 3-1 is successfully verified.Conversely, if the values do not match, then the verification of thevalidity of the information received from the communication device 3-1fails. In the case of failure, the information received from thecommunication device 3-1 is discarded. Alternatively, a predeterminederror procedure may be executed. For example, it may be reported thatthe information received from the communication device 3-1 has beenaltered, or it may be reported that the transmitter of the informationis fake (an impostor or the like).

According to the present embodiment, the communication device 3functions as a certification authority (CA) and generates a public keycertificate. Thus, the supplier of the public key (public keycertificate) does not need to go through the hassle of sending thepublic key to a certification authority, which is a third-partyorganization, in order to be issued a public key certificate. As aresult thereof, the advantageous effect of being able to reduce thehassle of exchanging public keys (public key certificates) can beobtained. Additionally, compared to the case in which conventional PKIis used, the cost and the burden of application procedures and the likecan be reduced.

In the present embodiment, the SIM 100 provided in the communicationdevice 3 is a SIM that has been user-authenticated by a networkoperator. This means that the communication device 3 could serve as abasis for trust as a certification authority.

In the present embodiment, the decryption processing unit 104 in the SIM100 is an example of a first decryption processing unit. The signatureverification application, which is one of the applications 150 in thecontrol unit 140 of the communication device 3, is an example of thepublic key certificate management. The SIM 100 is an example of asubscriber identification unit.

The person operating the communication device 3 could be bound to(associated with) the communication device 3. For example, it ispossible to apply memory authentication in which a predeterminedpassword must be entered for operations and information that requireauthentication. Specifically, for example, when the communication device3 generates a public key or a public key certificate, the personoperating the communication device 3 may be required to enter apredetermined password. Additionally, when appending an electronicsignature using the secret key in the SIM 100 in the communicationdevice 3, the person operating the communication device 3 may berequired to enter a predetermined password.

Additionally, the electronic signature may be applied by indicating, ina form in the public key certificate or in an attribute certificateassociated with the public key certificate, the operation history(information on the location during operation, application runninghistory and the like), on the condition that the permission of the ownerof the communication device 3 is obtained.

Additionally, the electronic signature may be applied by indicating, ina form in the public key certificate or in an attribute certificateassociated with the public key certificate, information regarding theowner of the communication device 3 held by the network operator, on thecondition that the permission of the owner is obtained.

Additionally, SIM is a generic name for communication modules that storespecific identification information associated with user identificationinformation, and is not limited to being a communication module that isused for a specific communication system. For example, a UIM (Useridentity Module), a USIM (Universal Subscriber Identity Module), an eSIM(Embedded Subscriber Identity Module) or the like may be used.

The communication device 3 transmitting the public key certificate neednot have a public key certificate verification function and a public keycertificate saving function. Specifically, the communication device 3transmitting the public key certificate need not have a verificationunit 103 and a public key certificate management application.

Additionally, the communication device 3 receiving the public keycertificate need not have a public key certificate generation function.Specifically, the communication device 3 receiving the public keycertificate need not have a public key certificate generation unit 102and a secret key memory unit 106.

Additionally, a pair of a public key and a secret key pair may beprestored in a SIM 100. For example, a pair of a public key and a secretkey may be stored in the SIM 100 at the time of manufacture of the SIM100. If a pair of a public key and a secret key is prestored in the SIM100, then the SIM 100 need not have a key generation unit 101.

Additionally, multiple pairs of public keys (public key certificates)and secret keys may be generated or saved. In this case, for example,the communication device 3 may use a different pair of a public key(public key certificates) and a secret key depending on thecommunication partner. Additionally, if a certain pair of a public key(public key certificate) and a secret key is leaked, then thecommunication device 3 may switch to a different pair.

User identification information associated with SIM identificationinformation may be included, in the public key certificate. When useridentification information is included in the public key certificate,the SIM identification information need not be included in the publickey certificate. Additionally, when user identification information isincluded in the public key certificate, the public key certificatemanagement unit may store the public key certificate in association withthe user identification information.

Additionally, the user identification information associated with theSIM identification information may be included in the electronicsignature of the transmitted information. In this case, whentransmitting the information, the user identification information andthe electronic signature are transmitted together therewith.

Second Embodiment

The second embodiment is a modification of the above-described firstembodiment. FIG. 3 is a schematic diagram showing a communication system1 according to the second embodiment. In FIG. 3, the parts thatcorrespond to parts in FIG. 1 are denoted by the same reference signsand the explanations thereof will be omitted. The communication device 3according to the second embodiment shown in FIG. 3 includes a wirelesscommunication unit 160 and a certification authority key update unit 170in addition to the communication device 3 of the above: described firstembodiment shown in FIG. 1. Hereinbelow, the second embodiment will beexplained with a focus on the differences from the above-described firstembodiment.

In the communication device 3, the wireless communication unit 160performs communication via a wireless communication network 40 withwhich it connects by using the SIM 100. The SIM 100 stores informationallowing the wireless communication network 40 to be used. The wirelesscommunication unit 160 can make use of the wireless communicationnetwork 40 by using the SIM 100. The wireless communication unit 160connects to the wireless communication network 40 by means of a wirelesscommunication channel that is established by using the SIM 100.

The certification authority key update unit 170 receives, from amanagement server device 30, via the wireless communication network 40,a new pair of a certification authority public key certificate and acertification authority secret key, which is shared with a SIM 100 ofanother communication device 3. The management server device 30 managesthe pair of a certification authority public key certificate and acertification authority secret key. The management server device 30transmits, to multiple communication devices 3, via the wirelesscommunication network 40, a new pair of a certification authority publickey certificate and a certification authority secret key, which isshared between the SIMs 100 of multiple communication devices 3. Thecertification authority key update unit 170 transfers, to the SIM 100,the pair of a certification authority public key certificate and acertification authority secret key that has been received, via thewireless communication network 40, from the management server device 30,and instructs the SIM 100 to update the pair of a certificationauthority public key certificate and a certification authority secretkey. The SIM 100 stores the pair of a certification authority public keycertificate and a certification authority secret key received from thecertification authority key update unit 170 in the certificationauthority key memory unit 105 as the latest pair of a certificationauthority public key certificate and a certification authority secretkey.

As a result thereof, the pair of a certification authority public keycertificate and a certification authority secret key that is shared bythe SIMs 100 of multiple communication devices 3 is updated to a newpair of a certification authority public key certificate and acertification authority secret key.

According to the present embodiment, if, for some reason, the pair of acertification authority public key certificate and a certificationauthority secret key held in the SIM 100 is updated to a new pair, thenthe new pair of a certification authority public key certificate and acertification authority secret key can be supplied to the SIMs 100 bymeans of wireless communication. Thus, there is no hassle such as theneed to exchange the SIM 100 or the like in order to update a pair of acertification authority public key certificate and a certificationauthority secret key with a new pair. As a result thereof, it ispossible to obtain the advantageous effect of being able to reduce theburden when updating the pair of a certification authority public keycertificate and a certification authority secret key to a new pair.

Third Embodiment

The third embodiment is an example of an application of theabove-described first embodiment or second embodiment. FIG. 4 is aschematic diagram showing communication system 1 according to the thirdembodiment. The communication system 1 shown in FIG. 4 includes acommunication terminal 3-3 and a communication terminal 3-4. Thecommunication terminal 3-3 and the communication terminal 3-4 haveconfigurations similar to those of the communication device 3 in theabove-described first embodiment or the second embodiment. Thecommunication terminal 3-3 and the communication terminal 3-4 may, forexample, be a portable communication terminal device such as asmartphone or a tablet-type computer (tablet PC) or the like, or astationary communication terminal device (e.g., a desktop personalcomputer, server computer, home gateway or the like).

The communication terminal 3-3 includes a SIM 100-3. The communicationterminal 3-4 includes a SIM 100-4. The SIM 100-3 and the SIM 100-4 haveconfigurations similar to those of the SIM 100 in the above-describedfirst embodiment or the second embodiment. Thus, the SIM 100-3 and theSIM 100-4 include certification authorities (CA) 210 as functional unitsthereof. Thus, the communication terminal 3-3 and the communicationterminal 3-4 function as certification authorities (CAs). Thecertification authority 210 of the SIM 100-3 and the certificationauthority 210 of the SIM 100-4 have the same pair of a certificationauthority public key certificate and a certification authority secretkey.

The SIM 100-3 and the SIM 100-4 have clients 220 as functional unitsthereof. In the SIM 100-3, the client 220 transfers its own public keyto the certification authority 210 and has it generate a public keycertificate (client public key certificate) for said public key.Similarly, in the SIM 100-4, the client 220 transfers its own public keyto the certification authority 210 and has it generate a public keycertificate (client public key certificate) for said public key.

The communication terminal 3-3 and the communication terminal 3-4 haveapplications 240. The processing for these applications 240 is performedin a memory 230 in a local communication terminal. The applications 240perform an authentication process and a signature process.

As shown in FIG. 4, in the communication system 1 according to the thirdembodiment, the communication terminal 3-3 and the communicationterminal 3-4 transmit their own client public key certificates tocommunication partners. The communication terminal 3-3 and thecommunication terminal 3-4 each verify the validity of the receivedclient public key certificate by means of its own certificationauthority 210. The communication terminal 3-3 and the communicationterminal 3-4 use the client public key certificate of the communicationpartner after confirming the validity thereof by means of its owncertification authority 210. The client public key certificate is usedfor two-way authentication between the communication terminals and inelectronic signatures on information exchanged between the communicationterminals. Two-way authentication methods include, for example,challenge/response authentication methods.

Next, examples of the third embodiment will be explained.

Example 1

Example 1 of the third embodiment will be explained with reference toFIG. 5. FIG. 5 is an explanatory diagram showing a communication system1 according to Example 1 of the third embodiment. The communicationsystem 1 shown in FIG. 5 is applied to an online banking service system.In FIG. 5, the communication terminal 3-3 includes an online bankingservice system application 310. The communication terminal 3-4 includesa service site 320 for the online banking service system. Herebelow, thecommunication method according to the communication system 1 shown inFIG. 5 will be explained.

(Step S101)

In the communication terminal 3-3, the application 310 performs a userID (identification information) and password input process as a processfor logging into the service site 320. The application 310 transmits theID and password inputted by the user to the service site 320 in thecommunication terminal 3-4. In the communication terminal 3-4, theservice site 320 performs the login process by verifying the validity ofthe ID and password received from the application 310 in thecommunication terminal 3-3. If the verification succeeds, then theprocedure advances to subsequent processes. However, if the verificationof the 1D and the password fails, then the procedure is terminated. Itis also possible to execute a predetermined error procedure when theverification of the ID and password fails.

(Step S102)

In the communication terminal 3-3, the application 310 transmits theclient public key certificate the local communication terminal to theservice site 320 of the communication terminal 3-4.

(Step S103: Verification)

In the communication terminal 3-4, the service site 320 verities thevalidity of the client public key certificate received from theapplication 310 of the communication terminal 3-3 by means of thecertification authority 210 in the local communication terminal. If thisverification succeeds, then the procedure advances to subsequentprocesses. However, if the verification of the client public keycertificate fails, then the procedure is terminated.

It is also possible to execute a predetermined error procedure when theverification of the ID and password fails.

(Step S104)

In the communication terminal 3-4, the service site 320 generates arandom number and uses the generated random number as a challenge value.The service site 320 transmits the challenge value (random number) tothe application 310 in the communication terminal 3-3.

(Step S105)

In the communication terminal 3-3, the application 310 encrypts thechallenge value (random number) received from the service site 320 inthe communication terminal 3-4 using the secret key Ks that is pairedwith the client public key certificate of the local communicationterminal. The encryption of the challenge value (random number) isperformed in a secure RAM inside the SIM 100-3 in the communicationterminal 3-3. The application 310 transmits encrypted data Ks (randomnumber), which is the result of encryption of the challenge value(random number), to the service site 320 of the communication terminal3-4, as a response value.

(Step S106: Verification)

In the communication terminal 3-4, the service site 320 verifies thevalidity of the response value Ks (random number) received from theapplication 310 in the communication terminal 3-3 by using the publickey of the client public key certificate of the communication terminal3-3. For example, if the result decryption of the response value Ks(random number) with the public key matches the challenge value (randomnumber), then the verification is considered to be successful, whereasif it does not match the challenge value (random number), then theverification is considered to have failed. If the response value Ks(random number) is successfully verified, then the login to the servicesite 320 is considered to have succeeded. Conversely, if theverification of the response value Ks (random number) fails, then thelogin to the service site 320 is considered to have failed. It is alsopossible to execute a predetermined error procedure when theverification of the response value Ks (random number) fails.

According to the present Example 1, during user authentication, it ispossible to further perform challenge/response authentication inaddition to ID/password authentication. As a result thereof, userauthentication can be performed by means of two authentication elements,i.e., ID/password authentication and challenge/response authentication,so the reliability of user authentication is improved. For this reason,while the reliability of ID/password authentication has beenconventionally raised by using random number tables for updatingpasswords or by using tools such as time-synchronized one-time passwordgeneration applications, according to the present Example 1, theoperation can be completed without using such tools.

Additionally, the service site 320 saves the client public keycertificate of the communication terminal 3-3, so that if the userbecomes unable to use the client public key certificate of thecommunication terminal 3-3 clue to loss of the communication terminal3-3, the user authentication of the user will fail during thechallenge/response authentication. This functions as a remote lockagainst logging into the service site 320 by means of the user ID whenthe communication terminal 3-3 is lost.

Example 2

Example 2 of the third embodiment will be explained with reference toFIG. 6. FIG. 6 is an explanatory diagram showing a communication system1 according to Example 2 of the third embodiment. The communicationsystem 1 shown in FIG. 6 is applied to an online shopping servicesystem. In FIG. 6, the communication terminal 3-3 includes an onlineshopping service system application 410. The communication terminal 3-4includes a service site 420 for the online shopping service system.

Herebelow, the communication method according to the communicationsystem 1 shown in FIG. 6 will be explained. In FIG. 6, the parts thatcorrespond to steps in FIG. 5 are denoted by the same reference signsand the explanations thereof will be omitted.

In FIG. 6, as a result of execution of the procedure from steps S101 toS106, the user has been successfully authenticated, and the user hassuccessfully logged into the service site 420 with the user ID.Subsequently, the user performs online shopping purchase operationsusing said ID at the service site 420.

(Step S201)

In the communication terminal 3-3, the application 410 uses the secretkey Ks paired with the public key of the client public key certificateof the local communication terminal to generate an electronic signatureof purchase operation info nation indicating a purchase operationperformed by the user. This electronic signature is generated in thesecure RAM inside the SIM 100-3 in the communication terminal 3-3. Theapplication 410 transmits the purchase operation information and theelectronic signature of the purchase operation information to theservice site 320 of the communication terminal 3-4.

(Step S202: Verification)

In the communication terminal 3-4, the service site 420 verifies thevalidity of the electronic signature of the purchase operationinformation received from the application 410 in the communicationterminal 3-3 by using the public key of the client public keycertificate in the communication terminal 3-3. The verification of theelectronic signature of the purchase operation information succeeds,then the service site 420 accepts the purchase operation indicated bythe purchase operation information received from the application 410 inthe communication terminal 3-3. As a result thereof, the purchaseoperation performed by the user is executed at the service site 420.Conversely, if the verification of the electronic signature of thepurchase operation information fails, then the service site 420 does notaccept the purchase operation indicated by the purchase operationinformation received from the application 410 in the communicationterminal 3-3. As a result thereof, the purchase operation performed bythe user is not executed at the service site 420. It is also possible toexecute a predetermined error procedure when the verification of theelectronic signature of the purchase operation information fails.

According to present Example 2, as with the above-described Example 1,user authentication can be performed by means of two authenticationelements, i.e., ID/password authentication and challenge/responseauthentication, so the reliability of user authentication is improved.

Additionally, according to present Example 2, when accepting a purchaseoperation, the validity of the purchase operation can be confirmed byverifying the validity of the electronic signature of the purchaseoperation information. Due thereto, while personal confirmation bytelephone was conventionally performed in order to confirm the validityof a purchase operation, according to present Example 2, the operationcan be completed without performing personal confirmation by telephone.

While embodiments of the present invention have been described in detailabove by referring to the drawings, the specific structure is notlimited to these embodiments, and design modifications and the likewithin a range not departing from the gist of the present invention areincluded.

A computer program for carrying out the functions of the communicationdevices or communication terminals according to the above-describedembodiments may be recorded onto a computer-readable recording medium,and the program recorded on this recording medium may be read into acomputer system and executed. The “computer system” as used herein mayinclude an OS and hardware such as peripheral devices.

Additionally, the “computer-readable recording medium” refers toportable media such as flexible disks, magneto-optic discs, ROMs(Read-Only Memory), writable non-volatile memory devices such as flashmemories, and DVDs (Digital Versatile Discs), or memory devices such ashard disks that are internal to the computer system.

Furthermore, the “computer-readable recording medium” also includesmedia that only hold the program for a certain period of time, such asvolatile memory devices (e.g., DRAM (Dynamic Random Access Memory))inside computer systems that serve as servers or clients when theprogram is being transmitted over a network such as the internet or overcommunication lines such as telephone lines.

Additionally, the above-mentioned program may be transmitted from acomputer system that stores the program in a memory device or the like,to another computer system, via a transmission medium or by transmissionwaves in a transmission medium. In this case, the “transmission medium”that transmits the program refers to media having the function oftransmitting information, including networks (communication networks)such as the Internet or communication lines (communication cables) suchas telephone lines.

Additionally, the above-mentioned program may be for implementing justsome of the aforementioned functions.

Furthermore, the above-mentioned program may be implemented by combiningthe aforementioned functions with a program that is already recorded inthe computer system, such as a so-called difference file (differenceprogram).

INDUSTRIAL APPLICABILITY

The present invention may be applied to a communication device, acommunication and a computer program.

REFERENCE SYMBOLS

-   1 Communication system-   3-1, 3-2 Communication terminal-   10 Network operator database-   30 Management server device-   40 Wireless communication network-   100-1 to -4 SIM-   101 Key generation unit-   102 Public key certificate generation unit-   103 Verification unit-   104 Encryption processing unit-   105 Certification authority memory unit-   106 Secret key memory unit-   130 Communication unit-   140 Control unit-   160 Wireless communication unit-   170 Certification authority key update unit-   210 Certification authority

The invention claimed is:
 1. A communication apparatus comprising: afirst subscriber identity module that stores first subscriber identitymodule identification information associated with first useridentification information; and a wired or wireless communication devicethat communicates with another communication apparatus, the othercommunication apparatus comprising a second subscriber identity modulethat stores second subscriber identity module identification informationassociated with second user identification information, wherein thefirst subscriber identity module comprises: a certification authoritykey memory that records a pair of a certification authority public keycertificate and a certification authority secret key, the pair beingshared with the second subscriber identity module; a memory storinginstructions; and a processor configured to execute the instructions togenerate a first public key certificate comprising a first public key;the first subscriber identity module identification information or thefirst user identification information; and an electric key signature ofthe first public key, the electric key signature being encrypted dataresulting from an encryption, with the certification authority secretkey, of data including the first public key and the first subscriberidentity module identification information or the first useridentification information, and wherein the wired or wirelesscommunication device transmits, to the other communication apparatus,the first public key certificate.
 2. The communication apparatusaccording to claim 1, wherein the first subscriber identity modulefurther comprises a secret key memory that records a secret key pairedwith the first public key certificate, and wherein the processor isfurther configured to execute the instructions to perform an encryption,by public key cryptography, of information using the secret key recordedin the secret key memory, the information comprising the firstsubscriber identity module identification information or the first useridentification information.
 3. A communication apparatus comprising: afirst subscriber identity module that stores first subscriber identitymodule identification information associated with first useridentification information; and a wired or wireless communication devicethat communicates with another communication apparatus, the othercommunication apparatus comprising a second subscriber identity modulethat stores second subscriber identity module identification informationassociated with second user identification information, wherein thefirst subscriber identity module comprises: a certification authoritykey memory that records a pair of a certification authority public keycertificate and a certification authority secret key, the pair beingshared with the second subscriber identity module; a memory storinginstructions; and a processor configured to execute the instructions togenerate a first public key certificate comprising a first public key;the first subscriber identity module identification information or thefirst user identification information; and a first electric keysignature of the first public key, the first electric key signaturebeing encrypted data resulting from an encryption, with thecertification authority secret key, of data including the first publickey and the first subscriber identity module identification informationor the first user identification information, wherein the processor isfurther configured to execute the instructions to verify, using thecertification authority public key certificate, a second public keycertificate that the communication apparatus has received from the othercommunication apparatus, the second public key certificate comprising asecond public key; the second subscriber identity module identificationinformation or the second user identification information; and a secondelectric key signature of the second public key, the second electric keysignature being encrypted data resulting from an encryption, with thecertification authority secret key, of data including the second publickey and the second subscriber identity module identification informationor the second user identification information, and wherein the wired orwireless communication device transmits, to the other communicationapparatus, the first public key certificate.
 4. The communicationapparatus according to claim 3, wherein the first subscriber identitymodule further comprises a secret key memory that records a secret keypaired with the first public key certificate, wherein the processor isfurther configured to execute the instructions to perform an encryption,by public key cryptography, of information using the secret key recordedin the secret key memory, the information comprising the firstsubscriber identity module identification information or the first useridentification information, and wherein the processor is furtherconfigured to execute the instructions to perform, using the secondpublic key of the second public key certificate whose validity has beenverified, an encryption, by public key cryptography, of informationcomprising the second subscriber identity module identificationinformation or the second user identification information.
 5. Acommunication apparatus comprising: a first subscriber identity modulethat stores first subscriber identity module identification informationassociated with first user identification information; and a wired orwireless communication device that communicates with anothercommunication apparatus, the other communication apparatus comprising asecond subscriber identity module that stores second subscriber identitymodule identification information associated with second useridentification information, wherein the first subscriber identity modulecomprises: a certification authority key memory that records a pair of acertification authority public key certificate and a certificationauthority secret key, the pair being shared with the second subscriberidentity module; a memory storing instructions; and a processorconfigured to execute the instructions to verify, using thecertification authority public key certificate a second public keycertificate that the wired or wireless communication device has receivedfrom the other communication apparatus, the second public keycertificate comprising a second public key; the second subscriberidentity module identification information or the second useridentification information; and a second electric key signature of thesecond public key, the second electric key signature being encrypteddata resulting from an encryption, with the certification authoritysecret key, of data including the second public key and the secondsubscriber identity module identification information or the second useridentification information.
 6. The communication apparatus according toclaim 5, wherein the processor is further configured to execute theinstructions to perform, using the second public key of the secondpublic key certificate whose validity has been verified, an encryption,by public key cryptography, of information comprising the secondsubscriber identity module identification information or the second useridentification information.
 7. The communication apparatus according toclaim 1, further comprising: a wireless communication device thatperforms communication via a wireless communication network that isconnected using the first subscriber identity module, wherein thewireless communication device receives, via the wireless communicationnetwork, a new pair of a public key certificate and a secret key, thenew pair being shared with the second subscriber identity module.
 8. Acommunication method for a communication apparatus, the communicationapparatus including i) a first subscriber identity module that storesfirst subscriber identity module identification information associatedwith first user identification information, and ii) a wired or wirelessa communication device that communicates with another communicationapparatus, the other communication apparatus comprising a secondsubscriber identity module that stores second subscriber identity moduleidentification information associated with second user identificationinformation, the method comprising: recording, by the first subscriberidentity module, a pair of a certification authority public keycertificate and a certification authority secret key, the pair beingshared with the second subscriber identity module; generating, by thefirst subscriber identity module, a first public key certificatecomprising a first public key; the first subscriber identity moduleidentification information or the first user identification information;and a first electric key signature of the first public key, the firstelectric key signature being encrypted data resulting from anencryption, with the certification authority secret key, of dataincluding the first public key and the first subscriber identity moduleidentification information or the first user identification information;transmitting, by the wired or wireless communication device, the firstpublic key certificate to the other communication apparatus; andverifying, by the first subscriber identity module, using thecertification authority public key certificate, a second public keycertificate that the wired or wireless communication device has receivedfrom the other communication apparatus, the second public keycertificate comprising a second public key; recording a pair of acertification authority public key certificate and a certificationauthority secret key, the pair being shared with the second subscriberidentity module; generating a first public key certificate comprising afirst public key; the first subscriber identity module identificationinformation or the first user identification information; and a firstelectric key signature of the first public key, the first electric keysignature being encrypted data resulting from an encryption, with thecertification authority secret key, of data including the first publickey and the first subscriber identity module identification informationor the first user identification information; and verifying, using thecertification authority public key certificate, a second public keycertificate that has been received from the other communicationapparatus, the second public key certificate comprising a second publickey; the second subscriber identity module identification information orthe second user identification information; and a second electric keysignature of the second public key, the second electric key signaturebeing encrypted data resulting from an encryption, with thecertification authority secret key, of data including the second publickey and the second subscriber identity module identification informationor the second user identification information.
 9. A non-transitorycomputer-readable recording medium storing a computer program thatcauses a computer of a communication apparatus comprising a firstsubscriber identity module that stores first subscriber identity moduleidentification information associated with first user identificationinformation, to execute: communicating with another communicationapparatus, the other communication apparatus comprising a secondsubscriber identity module that stores second subscriber identity moduleidentification information associated with second user identificationinformation; the second subscriber identity module identificationinformation or the second user identification information; and a secondelectric key signature of the second public key, the second electric keysignature being encrypted data resulting from an encryption, with thecertification authority secret key, of data including the second publickey and the second subscriber identity module identification informationor the second user identification information, wherein the communicatingcomprises transmitting the first public key certificate to the othercommunication apparatus.